Scribd
Upload
16 views37 pages

Digiital Signature

Uploaded by

naseriikramudin63
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
16 views37 pages

Digiital Signature

Uploaded by

naseriikramudin63
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 37

Digital Signature

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

13.1
Chapter 13
Objectives
 To define a digital signature
 To define security services provided by a digital
signature
 To define attacks on digital signatures
 To discuss some digital signature schemes, including
RSA, ElGamal,
 Schnorr, DSS, and elliptic curve
 To describe some applications of digital signatures

13.2
13-2 PROCESS

Figure 13.1 shows the digital signature process. The


sender uses a signing algorithm to sign the message.
The message and the signature are sent to the receiver.
The receiver receives the message and the signature
and applies the verifying algorithm to the
combination. If the result is true, the message is
accepted; otherwise, it is rejected.

Topics discussed in this section:


13.2.1 Need for Keys
13.2.2 Signing the Digest
13.8
13-2 Continued

Figure 13.1 Digital signature process

13.9
13.2.1 Need for Keys

Figure 13.2 Adding key to the digital signature process

Note
A digital signature needs a public-key system.
The signer signs with her private key; the verifier
verifies with the signer’s public key.
13.10
13.2.2 Signing the Digest

Figure 13.3 Signing the digest

13.12
13-3 SERVICES

We discussed several security services in Chapter 1


including message confidentiality, message
authentication, message integrity, and nonrepudiation.
A digital signature can directly provide the last three;
for message confidentiality we still need
encryption/decryption.
Topics discussed in this section:
13.3.1 Message Authentication
13.3.2 Message Integrity
13.3.3 Nonrepudiation
13.3.4 Confidentiality

13.13
13.3.1 Message Authentication

A secure digital signature scheme, like a secure


conventional signature can provide message
authentication.

Note
A digital signature provides message
authentication.

13.14
13.3.2 Message Integrity

The integrity of the message is preserved even if we sign


the whole message because we cannot get the same
signature if the message is changed.

Note

A digital signature provides message integrity.

13.15
13.3.3 Nonrepudiation

Figure 13.4 Using a trusted center for nonrepudiation

Note

Nonrepudiation can be provided using a trusted


party.
13.16
13.3.4 Confidentiality

Figure 13.5 Adding confidentiality to a digital signature scheme

Note

A digital signature does not provide privacy.


If there is a need for privacy, another layer of
encryption/decryption must be applied.
13.17
13-5 DIGITAL SIGNATURE SCHEMES

Several digital signature schemes have evolved during


the last few decades. Some of them have been
implemented.

Topics discussed in this section:


13.5.1 RSA Digital Signature Scheme
13.5.2 ElGamal Digital Signature Scheme
13.5.3 Schnorr Digital Signature Scheme
13.5.4 Digital Signature Standard (DSS)
13.5.5 Elliptic Curve Digital Signature Scheme
13.21
13.5.1 RSA Digital Signature Scheme

Figure 13.6 General idea behind the RSA digital signature scheme

13.22
13.5.1 Continued
Key Generation
Key generation in the RSA digital signature scheme is
exactly the same as key generation in the RSA

Note
In the RSA digital signature scheme, d is private;
e and n are public.

13.23
13.5.1 Continued

Signing and Verifying

Figure 13.7 RSA digital signature scheme

13.24
RSA Algorithm Example
•Choose p = 3 and q = 11

•Compute n = p * q = 3 * 11 = 33
•Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
•Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 7
•Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
•Public key is (e, n) => (7, 33)
•Private key is (d, n) => (3, 33)
•The encryption of m = 2 is c = 27 % 33 = 29
•The decryption of c = 29 is m = 293 % 33 = 2

13.25
13.5.1 Continued

Example 13.1
As a trivial example, suppose that Alice chooses p = 823 and q =
953, and calculates n = 784319. The value of (n) is 782544. Now
she chooses e = 313 and calculates d = 160009. At this point key
generation is complete. Now imagine that Alice wants to send a
message with the value of M = 19070 to Bob. She uses her private
exponent, 160009, to sign the message:

Alice sends the message and the signature to Bob. Bob receives the
message and the signature. He calculates

Bob accepts the message because he has verified Alice’s signature.

13.26
13.5.1 Continued

RSA Signature on the Message Digest


Figure 13.8 The RSA signature on the message digest

13.27
13.5.1 Continued

Note
When the digest is signed instead of the message
itself, the susceptibility of the RSA digital signature
scheme depends on the strength of the hash
algorithm.

13.28
13.5.2 ElGamal Digital Signature Scheme

Figure 13.9 General idea behind the ElGamal digital signature scheme

13.29
13.5.2 Continued

Key Generation
The key generation procedure here is exactly the same as
the one used in the cryptosystem.

Note
In ElGamal digital signature scheme, (e1, e2, p) is
Alice’s public key; d is her private key.

13.30
13.5.2 Continued

Verifying and Signing

Figure 13.10 ElGamal digital signature scheme

13.31
13.5.1 Continued
Example 13.2
Here is a trivial example. Alice chooses p = 3119, e1 = 2, d = 127
and calculates e2 = 2127 mod 3119 = 1702. She also chooses r to be
307. She announces e1, e2, and p publicly; she keeps d secret. The
following shows how Alice can sign a message.

Alice sends M, S1, and S2 to Bob. Bob uses the public key to
calculate V1 and V2.

13.32
13.5.1 Continued
Example 13.3

Now imagine that Alice wants to send another message, M = 3000,


to Ted. She chooses a new r, 107. Alice sends M, S1, and S2 to Ted.
Ted uses the public keys to calculate V1 and V2.

13.33
13.5.3 Schnorr Digital Signature Scheme

Figure 13.11 General idea behind the Schnorr digital signature scheme

13.34
13.5.3 Continued

Key Generation
1) Alice selects a prime p, which is usually 1024 bits in length.
2) Alice selects another prime q.
3) Alice chooses e1 to be the qth root of 1 modulo p.
4) Alice chooses an integer, d, as her private key.
5) Alice calculates e2 = e1d mod p.
6) Alice’s public key is (e1, e2, p, q); her private key is (d).

Note
In the Schnorr digital signature scheme, Alice’s
public key is (e1, e2, p, q); her private key (d).
13.35
13.5.3 Continued

Signing and Verifying

Figure 13.12 Schnorr digital signature scheme

13.36
13.5.3 Continued

Signing
1. Alice chooses a random number r.
2. Alice calculates S1 = h(M|e1r mod p).
3. Alice calculates S2 = r + d × S1 mod q.
4. Alice sends M, S1, and S2.

Verifying Message

1. Bob calculates V = h (M | e1S2 e2−S1 mod p).


2. If S1 is congruent to V modulo p, the message is
accepted;

13.37
13.5.1 Continued
Example 13.4
Here is a trivial example. Suppose we choose q = 103 and p = 2267.
Note that p = 22 × q + 1. We choose e0 = 2, which is a primitive in
Z2267*. Then (p −1) / q = 22, so we have e1 = 222 mod 2267 = 354. We
choose d = 30, so e2 = 35430 mod 2267 = 1206. Alice’s private key is
now (d); her public key is (e1, e2, p, q).
Alice wants to send a message M. She chooses r = 11 and
calculates e2 r = 35411 = 630 mod 2267. Assume that the message is
1000 and concatenation means 1000630. Also assume that the hash
of this value gives the digest h(1000630) = 200. This means S1 =
200. Alice calculates S2 = r + d × S1 mod q = 11 + 1026 × 200 mod
103 = 35. Alice sends the message M =1000, S1 = 200, and S2 = 35.
The verification is left as an exercise.

13.38
13.5.4 Digital Signature Standard (DSS)

Figure 13.13 General idea behind DSS scheme

13.39
13.5.4 Continued

Key Generation.
1) Alice chooses primes p and q.

2) Alice uses <Zp*, × > and <Zq*, ×>.

3) Alice creates e1 to be the qth root of 1 modulo p.

4) Alice chooses d and calculates e2 = e1d.

5) Alice’s public key is (e1, e2, p, q); her private key is (d).

13.40
13.5.4 Continued
Verifying and Signing

Figure 13.14 DSS scheme

13.41
13.5.1 Continued
Example 13.5
Alice chooses q = 101 and p = 8081. Alice selects e0 = 3 and
calculates e1 = e0 (p−1)/q mod p = 6968. Alice chooses d = 61 as the
private key and calculates e2 = e1d mod p = 2038. Now Alice can
send a message to Bob. Assume that h(M) = 5000 and Alice
chooses r = 61:

Alice sends M, S1, and S2 to Bob. Bob uses the public keys to
calculate V.

13.42
13.5.4 Continued

DSS Versus RSA


Computation of DSS signatures is faster than
computation of RSA signatures when using the same p.

DSS Versus ElGamal


DSS signatures are smaller than ElGamal signatures
because q is smaller than p.

13.43
13.5.5 Elliptic Curve Digital Signature Scheme

Figure 13.15 General idea behind the ECDSS scheme

13.44
13.5.5 Continued

Key Generation
Key generation follows these steps:

1) Alice chooses an elliptic curve Ep(a, b).

2) Alice chooses another prime q the private key d.

3) Alice chooses e1(…, …), a point on the curve.

4) Alice calculates e2(…, …) = d × e1(…, …).

5) Alice’s public key is (a, b, p, q, e1, e2); her private key


13.45
is d.
13.5.5 Continued

Signing and Verifying


Figure 13.16 The ECDSS scheme

13.46

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy